Golf Firewall is the security layer for companies exposing MCP servers. It protects your MCP server from serving malicious or sensitive data - blocking prompt injections, PII leaks, and credential exposure before they reach customer agents.
👋 I'm Wojciech, co-founder of Golf. Your MCP server can be tricked into serving malicious data. We built the firewall to stop it.
This isn't about bad input or broken requests. Here's the attack: Your MCP server fetches data for an agent - a customer record, a support ticket, anything. But that data contains a poisoned prompt. When your server sends it back, it hijacks your customer's agent. Now you're the vector.
Antoni and I have been building in the MCP space since February. Over the past 10 months, we've worked with startups and Fortune 500s on their MCP strategies and production deployments. Across every implementation, the same pattern emerged: security is the #1 blocker preventing enterprise MCP adoption.
What Golf Does Golf Firewall is the first security layer purpose-built for MCP servers. It sits between your data platform and customer agents, inspecting every response in real-time:
✅ Stops prompt injections before they reach agents ✅ Filters PII automatically to maintain compliance ✅ Blocks credential exposure in server responses ✅ Runs on-premises - your data never leaves your infrastructure
It's how you make your MCP server secure, compliant, and enterprise-ready.
For the Product Hunt Community Golf runs on-premises in your infrastructure. For the PH community, we're offering something better than a demo: a free 30-minute MCP Security Assessment.
Audit your current MCP implementation for vulnerabilities Show you real examples of prompt injection attacks in the wild Map out your compliance requirements (SOC 2, GDPR, HIPAA) Give you a security roadmap even if you don't use Golf
Our Ask As one of the first teams securing this protocol, we'd love your feedback: - How are you thinking about securing data you serve agents? - What other "outbound" security risks in agent-to-agent communication worry you? - For those already shipping MCP servers: what's blocking you from going full production?
We'll be here all day answering questions and talking shop about MCP security.
Congratulations on the launch! I’ve read that with the rise of AI, the security field will benefit greatly. A great market!
Love the positioning - security for MCP servers is such a timely need. Congrats on the launch! 🚀
How does Golf handle false positives when blocking prompt injections? We've had issues with overzealous security tools breaking legitimate agent workflows.
Congrats on the launch! Clean, focused, and badly needed in the MCP world.
Love the enterprise security approach for MCP providers! As a UI/UX designer who's worked with 200+ products over 11+ years, I'm curious: how did you design the firewall configuration interface to balance technical depth for security teams with usability for developers? That tension between granular control and simple setup is always fascinating. Congrats on the launch!
Wish for you to succeed, guys! The idea is awesome, I really love how you built the Session Flow diagram, really nice.
You're doing god's work.
Me and some colleagues are trying to understand though -- why "Golf"? Is there some hidden meaning?
damn I was recently trying to figure it out with my enterprise client.
dm me guys, I need to try it
This looks sick! Are you guys planning to release some benchmarks or public experiments to expose how big of an issue this is?
Nice work @antoni-gmitruk! 🎉 Loved discovering Golf—your enterprise firewall specifically built for MCP servers is a real game changer for companies pushing AI agents to production. The prompt injection and PII leak protection layer is exactly what enterprises need to secure their AI infrastructure. How do you see this evolving over the next 6 months as more companies adopt MCP? Wishing you great momentum!
Prompt injection is the new SQL injection and most teams don’t even realize they’re already exposed.
Golf is solving a very real pain at the core of MCP adoption: security and trust.
Love the clarity of the problem statement and how deep you’ve gone into the “poisoned prompt” vector.
Congrats Wojtek & Antoni, feels like you’re building the missing firewall of the agentic internet 👏
Very cool stuff. And a very real fear. How big of a problem is this so far? i’d be curious to hear the horror stories.
Someone on my team was talking about MCP risks last week __ this fits perfectly for them.
MCP usage is totally naked at the moment.... Golf provides a solution for MCP safety. Cant wait to try it out to integrate into our agent flows.
👋 I'm Wojciech, co-founder of Golf.
Your MCP server can be tricked into serving malicious data. We built the firewall to stop it.
This isn't about bad input or broken requests. Here's the attack: Your MCP server fetches data for an agent - a customer record, a support ticket, anything. But that data contains a poisoned prompt. When your server sends it back, it hijacks your customer's agent. Now you're the vector.
Antoni and I have been building in the MCP space since February. Over the past 10 months, we've worked with startups and Fortune 500s on their MCP strategies and production deployments. Across every implementation, the same pattern emerged: security is the #1 blocker preventing enterprise MCP adoption.
That's why we built Golf.
See demo here: https://www.youtube.com/watch?v=W_J5atG-mww
What Golf Does
Golf Firewall is the first security layer purpose-built for MCP servers. It sits between your data platform and customer agents, inspecting every response in real-time:
✅ Stops prompt injections before they reach agents
✅ Filters PII automatically to maintain compliance
✅ Blocks credential exposure in server responses
✅ Runs on-premises - your data never leaves your infrastructure
It's how you make your MCP server secure, compliant, and enterprise-ready.
For the Product Hunt Community
Golf runs on-premises in your infrastructure. For the PH community, we're offering something better than a demo: a free 30-minute MCP Security Assessment.
Book a slot at https://cal.com/wojciech-blaszak... - we'll:
Audit your current MCP implementation for vulnerabilities
Show you real examples of prompt injection attacks in the wild
Map out your compliance requirements (SOC 2, GDPR, HIPAA)
Give you a security roadmap even if you don't use Golf
Our Ask
As one of the first teams securing this protocol, we'd love your feedback:
- How are you thinking about securing data you serve agents?
- What other "outbound" security risks in agent-to-agent communication worry you?
- For those already shipping MCP servers: what's blocking you from going full production?
We'll be here all day answering questions and talking shop about MCP security.
Thanks for the support!
- Wojciech & Antoni, Golf